Fidelis Network commandpost User manual

www.fidelissecurity.com

About Fidelis Cybersecurity

Fidelis Cybersecurity, the industry innovator in Active XDR and proactive cyber defense solutions, safeguards

modern IT environments with unparalleled detection, deception, response, cloud security, and compliance

capabilities. We offer full visibility across hybrid environments via deep, dynamic asset discovery, multi-faceted

context, and risk assessment. These features help minimize attackable surface areas, automate exposure

prevention, threat detection, and incident response, and provide the context, accuracy, speed, and portability

security professionals need to find and neutralize adversaries earlier in the attack lifecycle. Fidelis Cybersecurity

is dedicated to helping clients become stronger and more secure. Fidelis is trusted by many top commercial,

enterprise, and government agencies worldwide. For more information, please visit www.fidelissecurity.com

Fidelis Network®/Fidelis Deception®

CommandPost

Quick Start Guide

Rev-K (HPE DL360 Gen10) Platforms

www.fidelissecurity.com

1. System Overview

The Fidelis CommandPost appliance is the central component for command and control of Fidelis

Network/Fidelis Deception components. With CommandPost, you create and edit sensor rules, craft

metadata analytics and automation, view alerts from connected sensors and Collector components, and

define and deploy Deception decoys.

Figure 1: Fidelis Network/Fidelis Deception CommandPost Appliance – Rev-K

CommandPost Setup Checklist



Fidelis CommandPost – Appliance Requirements

Appropriate rack space, power, and cooling (Appendix B)

Rack tools, rails, and connectors

Keyboard and video monitor / KVM switch for temporary appliance setup

Power cables – two per appliance, appropriate power source and region

Ethernet cables (cat5e) for Admin and iLO ports (Section 3)

Network switches with enough physical ports (Section 4)

Logical network information: IP addresses, hostnames (Section 5, Appendix A)

2. Documentation, Passwords, and Technical Support

Product Documentation

You can find Fidelis Network/Fidelis Deception product documentation, appliance specifications, and

instructions at https://support.fidelissecurity.com or through the navigation item in the

CommandPost user interface.

Appliance Default Passwords

System Account Default Password

SSH / Appliance Console fidelis fidelispass

CommandPost user interface admin system

iLO administrator (printed on label, top of server)

www.fidelissecurity.com

Technical Support

For all technical support related to this product, check with your site administrator to determine support

contract details. For support of your product, contact your reseller. If you have a direct support contract

with Fidelis Cybersecurity, contact Fidelis Cybersecurity Technical support at:

•Phone: +1.301.652.7190

•Toll-free in the US and Canada: 1.800.652.4020

•Email: support@fidelissecurity.com

•Web: https://support.fidelissecurity.com

3. CommandPost: Network Port and Cabling

Requirements

You must connect each appliance to the various networks using appropriate cables, and in some cases,

also transceivers.

Port Label Physical Connection Type (default) Cable Type (minimum)

Admin GbE RJ45 (Copper) Cat 5e patch cable

iLO GbE RJ45 (Copper) Cat 5e patch cable

Figure 2: CommandPost Rear Port Assignments (Rev-K)

www.fidelissecurity.com

4. CommandPost Networking Environment

The CommandPost appliances use the Admin network for service and inter-node communication.

CommandPost appliances offer the iLO / IPMI interface for optional out-of-band management of the

appliance.

Use the tables below to determine the count and type of switch ports required to support the number of

appliances for your deployment.

Admin Network

The Admin network connects the CommandPost to Fidelis sensors, Collectors, and on-premises Sandbox

components.

Appliance Switch Port Type Qty

CommandPost GbE RJ45 (Copper) 1

iLO / IPMI Network

The iLO / IPMI network is an optional network for remote/out-of-band server administration

Appliance Switch Port Type Qty

CommandPost GbE RJ45 (Copper) 1

www.fidelissecurity.com

5. Appliance – Logical Network Configuration

You must assign logical network information to each physical connection. Build a table of the logical

information for each appliance (sample below) that you can reference during configuration. You will

reference this table multiple times during the cluster setup. Appendix A has a worksheet you can use.

Sample Configuration

Network Setting Assignments

Interface Admin/eth0 iLO / IPMI

Hostname (FQDN) CommandPost-1.organization.net

Static IP Address 10.1.2.3 10.2.3.3

Subnet Mask 255.255.255.0 255.255.255.0

Gateway 10.1.2.1

Proxy Server 10.5.6.7

DNS Servers 8.8.4.4, 8.8.8.8

NTP Servers 0.pool1.ntp.org

Time Zone UTC (+0)

6. Appliance Installation

Rack Installation

Install each appliance in an enclosure/location that has necessary power and cooling. Ensure that the

installation environment is within the operating temperature of the appliance. See Appendix B for

appliance operating temperature requirements.

Power

Connect power cables to the power supplies in the back of the appliance. See Appendix B for appliance

power requirements.

Network Cabling

Using the connectors and cables described in sections 3 and 4, begin to connect the appliances to the

networks.

Cable the CommandPost appliance(s) to the switches:

1. Connect the Admin (eth0) port to the Admin switch port.

2. Optionally, connect the iLO port to the Admin (or iLO) switch port.

www.fidelissecurity.com

7. Appliance Network Configuration

Start the Appliance Network Configuration

1. Power on the appliance(s).

2. Connect to the component CLI using either of the following:

‒Via KVM Console, see Option 1: Connect to the Component CLI Using KVM Console

‒Via iLO, see Option 2: Connect to the Component CLI Using iLO

Option 1: Connect to the Component CLI Using KVM Console

1. Connect a keyboard and monitor to the appliance.

2. Continue with Complete the Appliance Network Configuration.

Option 2: Connect to the Component CLI Using iLO

iLO supports DHCP by default. If you need a static IP address, before performing this procedure, first

follow Configuring iLO to Use a Static IP Address.

1. Log into the iLO console:

https://<IP address>

where <IP address> is the iLO IP address

2. Specify the credentials:

‒Username - Administrator

‒Password - A random eight-character string

‒DNS name - ILOXXXXXXXXXXXX, where the X characters represent the server serial

number.

The iLO firmware is configured with a default username, password, and DNS name. The default

information is on the serial label pull tab attached to the server that contains the iLO management

processor. Use these values to access iLO remotely from a network client by using a web

browser.

3. In the iLO web interface, navigate to iLO Integrated Remote Console.

4. Select Power & Thermal.

5. Click Reset.

The system shuts down and restarts. For Fidelis Network appliances version 9.4.1 or later, a

screen similar to below is displayed. If you do not see this screen, contact Fidelis Customer

Support.

6. Continue with Complete the Configuration.

www.fidelissecurity.com

Configuring iLO to Use a Static IP Address

Use this procedure only if you want to connect to the component CLI using iLO and you need a static IP

address. Note that iLO supports DHCP by default.

1. Directly attach an ethernet cable from a client system, such as a laptop to the iLO port on the

appliance.

2. Restart the machine.

3. Press F9 in the server POST screen.

The UEFI System Utilities start.

4. Click System Configuration.

5. Click iLO 5 Configuration Utility.

6. Disable DHCP:

a. Click Network Options.

b. Select OFF in the DHCP Enable menu.

The IP Address, Subnet Mask, and Gateway IP Address boxes become editable. When DHCP

Enable is set to ON, you cannot edit these values.

7. Enter values in the IP Address, Subnet Mask, and Gateway IP Address boxes. (See Section 5

/ Appendix A)

8. To save the changes and exit, press F12.

The iLO 5 Configuration Utility prompts you to confirm that you want to save the pending

configuration changes.

9. To save and exit, click Yes - Save Changes.

The iLO 5 Configuration Utility notifies you that iLO must be reset in order for the changes to take

effect.

10. Click OK.

iLO resets, and the iLO session is automatically ended. You can reconnect in approximately 30

seconds.

11. Resume the normal boot process:

a. Start the iLO remote console.

The iLO 5 Configuration Utility is still open from the previous session.

b. Press ESC several times to navigate to the System Configuration page.

c. To exit the System Utilities and resume the normal boot process, click Exit and resume

system boot.

iLO is configured to use a static IP address. Continue with Option 2: Connect to the Component CLI

Using iLO.

www.fidelissecurity.com

Complete the Appliance Network Configuration

1. After connecting using either KVM Console or iLO, you should see this screen for Fidelis Network

appliances version 9.4.1 or later.

If you do not see the screen shown above, contact Fidelis Technical Support.

2. With Perform Initial Install or Factory Reset selected, press Enter.

3. Use the Up and Down arrow keys to select CommandPost+, and press Enter.

The system displays a screen with the message Congratulations, your CentOS installation is

complete. The system will automatically reboot.

4. Directly attach an ethernet cable from a client system such as a laptop to the Admin/eth0 port on

the appliance. The default IP address is 192.168.42.11/24. Assign a static IP from the same

subnet to the network interface on the client system and connect to the appliance using SSH.

www.fidelissecurity.com

5. Use the following credentials at the login prompt. You will be required to change the password

immediately.

‒user: fidelis

‒default password: fidelispass

6. From the command line, run:

sudo /FSS/bin/setup

You will be prompted for the fidelis password.

7. With Setup, select Network Settings.

8. Configure the network parameters for the system and each active network interface.

‒Use the Network Configuration table you prepared earlier (Appendix A).

‒When complete, return to the top menu.

9. When complete, select OK to leave Setup.

10. From the command line, reboot the system:

sudo /fss/bin/shutdown.pl --user admin –reboot

8. Fidelis Licensing

The Fidelis CommandPost comes with a 60-day evaluation license. The CommandPost user interface

shows the Host ID for the Fidelis Network hardware, the current license key, and the expiration date.

To access the License page

1. Log into the CommandPost.

2. Access the License page.

For versions 9.4 and later

a. Navigate to: Administration > System > License & System

For versions 9.3.x

a. Navigate to: Administration > System > Components

b. In the row for the CommandPost, click the icon.

c. Click License.

3. If your license key shows <no license> or <invalid>, see Request a License below.

www.fidelissecurity.com

Request a License

1. From the License page, click Request License to start an email to license@fidelissecurity.com.

The email will contain the information required to generate a license for your appliance, including

the Host ID, product type, and serial number.

2. In the body of the email, add the following:

‒Contact name and phone number

‒Organization name and site location

Fidelis Cybersecurity Support will respond within one business day with a license key.

Enter a License Key

After receiving a response to your license request:

1. Copy the license key from the response.

2. In the CommandPost, navigate to the License page.

3. Paste the license key or type it exactly into the License Key box.

4. Click Save.

When complete, Fidelis CommandPost is operational and ready for additional Fidelis components.

Appendix A: Network Configuration Worksheet

Network Setting Assignments

Interface Admin/eth0 iLO / IPMI

Hostname (FQDN)

Static IP Address

Subnet Mask

Gateway

Proxy Server

DNS Servers

NTP Servers

Time Zone

www.fidelissecurity.com

Appendix B: System Specifications

CommandPost (Rev-K)

Form Factor 1U rack-mount chassis SFF

CPU Single Intel Xeon Gold 6246R

16-core 3.4Ghz

TPM TPM 2.0

Memory 128GB

ECC DDR4 2933Mhz

Storage Capacity & Configuration 6x HDD 600GB RAID-5 (3 TB Effective)

Network Adapters (Default Config) 4x 1GbE

Out-of-Band Management Integrated Lights Out Management (iLO)

Power Supply Dual hot-swap

800W High Efficiency

AC power supplies

Dimensions H: 4.29 cm ( 1.69 in)

W: 43.46 cm (17.11 in)

D: 70.7 cm (27.83 in)

Weight (approx.) 16.27 kg (35.86 lb)

Operating Temperature 10° to 35°C (50° to 95°F) at sea level

AC Input Requirements 100 - 120 VAC

200 - 240 VAC

BTU Rating (max) 1902 BTU/hr (100 VAC)

1840 BTU/hr (200 VAC)

1832 BTU/hr (240 VAC)

www.fidelissecurity.com

Appendix C: System Types

For versions 9.4.1 and later, the table below shows the software to apply based on the appliance SKU.

(Note the SKU typically starts with “FNH”). You can find the SKU in the following locations:

•Appliance lid UID decal (see sample on right)

•Shipping carton decal (see sample on right)

•Packing list

•Purchase order

•Maintenance certificate

Appliance SKU System Type

FNH-CP CommandPost